At present, FTP file server is common in many units. Through the FTP file server, we can make LAN users share files together, which is convenient for everyone to work together. At the same time, it is more secure to store employees’ work achievements, intangible assets and trade secret information in FTP file server. However, it is also necessary to strengthen the management of FTP file server to prevent unauthorized personnel from accessing and using it at will. At the same time, it is also necessary to prevent personnel who have access to FTP server from accidentally or maliciously destroying FTP files, This needs to strengthen the management of FTP file server, protect the intangible assets and business secrets of the unit.
So, how do enterprises and institutions realize the security management software of FTP file server and protect the security of FTP file server? The author thinks that it can be realized through the following two ways:
1、 Through the operating system of FTP file server to set the file access rights of FTP server. The specific methods are as follows:
First of all, the folder that needs permission protection must be created in NTFS partition. The resource in FAT32 partition cannot set permission.
Permission setting example: set that only the specified user can remotely operate the file.
1. Right click on my computer, click Manage (g), and then add a user to local users and groups (the name I added is JS).
2. Then right-click the home directory root folder of the FTP server and select properties. Under the security tab, click Edit, then select add, enter the user JS you just added, and click OK.
3. Then select JS and set what permissions you want to give JS. In order to save trouble, I’ll let him control it completely.
4. Is this the end? No, it’s not over. Now you need to add JS to IIS. The above settings only allow JS users to do what kind of operation on this computer, but FTP service settings so far have not set a user can write permissions. Open the authorization rule, then select Add permission rule from the right, and then set the permission of JS. Now it’s OK.
So far, the control of permissions is like this. If you only want JS to write but not modify, win7 does not have this function, but you can control the permissions of the resource manager by setting JS, that is, the rules allowed by FTP and the system can be implemented at the same time. If you can compare with SVN, I believe you will understand better.
2、 With the help of special FTP server file recording software, FTP file management software to strengthen the management of FTP file access.
After we assign access rights to the FTP server, this problem often occurs. Users with file modification rights often accidentally or maliciously delete the shared files of the FTP server. Because there is no special FTP server file monitoring software, network administrators often do not know which user has done the above operation on the shared files. For this reason, we also need to use special FTP server monitoring software to check the specific operation of FTP server files by LAN users in real time. For example, there is a “general trend to FTP server management software” (download address: http://www.grabsun.com/ftpjk.html）It can record the upload, download, open, read, modify, delete, cut and rename of FTP server files by LAN users in detail. It can also record the IP address, MAC address, host name and other information of visitors in detail. It can also record the account and password of visitors logging in to FTP server, So it is convenient for the network administrator to check the specific operation of the FTP file server by the local area network users in real time. As shown in the figure below:
First of all, download “Dashi to FTP file server monitoring software” from the Internet, then open the software installation package, install WinPcap packet capture driver first, then open the main program of “Dashi to FTP file server monitoring software” (dszftp.exe, installation free, double-click to open), then select your current network card, and click “start monitoring” later, It can record all kinds of access operations of LAN users to FTP file server in detail, such as uploading, downloading, modifying, deleting, moving, renaming, etc., and record IP address, MAC address, host name and other information of visitors in detail. As shown in the figure below:
Figure: Dashi to FTP file server monitoring software
At the same time, you can also export the log formed during the monitoring period of “Dashi to FTP file server monitoring software” to excel format, so as to facilitate the subsequent audit, so as to strengthen the file security management of FTP file server.
In short, to effectively protect the file security of the FTP server, on the one hand, it needs to make full use of the relevant configuration of the FTP server operating system, on the other hand, it also needs to use the special FTP file management software and FTP server file operation record software to achieve the truly effective file access management of the FTP server, Protect the security of intangible assets and trade secrets of the unit.